[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-1972-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Sep 27 11:07:12 PDT 2013


Synopsis: USN-1972-1 can now be patched using Ksplice
CVEs: CVE-2013-1819 CVE-2013-2237

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1972-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
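
To tell which of the two cases above applies to a host, the following check reads the autoinstall setting. It is an added example, not part of Oracle's announcement or the Uptrack tooling. It assumes the setting is a "key = value" line and that lines starting with "#" or ";" are comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this host install Ksplice updates automatically,
# or must uptrack-upgrade be run by hand?
# Assumption: settings are "key = value" lines; "#" or ";" starts a comment.

# Print the effective autoinstall value, "unset" if the key is absent or
# empty, or "unreadable" if the config file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip commented-out lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            # The last uncommented occurrence wins.
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeed (exit 0) when the updates will NOT install on their own.
# Anything other than an explicit "yes" is treated as manual.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample config, not copied from a real host. The section
# header is an assumption about the file layout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is '$(uptrack_autoinstall "$sample")': run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates are installed automatically"
fi
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf on the local host.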


DESCRIPTION

* Heap buffer overflow when reading "pagemap" procfs file.

The kernel does not correctly allocate a temporary buffer when reading from the
"pagemap" procfs file, leading to a kernel heap overflow and possible code
execution.


* NULL pointer dereference in Keyspan USB-to-serial driver.

A NULL pointer dereference and kernel panic can be triggered if a memory
allocation fails when attaching a Keyspan USB device.


* Use-after-free in ext4 metadata error path.

If an error is encountered when writing dirty ext4 metadata to disk, a
use-after-free condition can be triggered, causing a kernel panic.


* Deadlock in NILFS2 segment buffer processing.

Incorrect reference counting in the NILFS2 filesystem driver when processing
segment buffers can trigger a deadlock causing a kernel panic.


* NULL pointer in Wireless USB data transfer.

A NULL pointer dereference and kernel panic can be triggered when disconnecting
a wireless USB device while transferring data.


* Kernel panic in removable memory sysfs interface.

When showing the contents of the /sys/devices/system/memory/memory*/removable
sysfs file, the kernel does not validate that all memory sections are present
causing a kernel panic.


* System hang in zram swap free under high memory pressure.

Incorrect locking in the zram swap freeing path could result in a system
hang when the system is under high memory pressure.


* CVE-2013-2237: Information leak on IPSec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.


* CVE-2013-1819: Denial-of-service in XFS filesystems.

Incorrect validation of block numbers could allow local users to cause a
denial-of-service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by leveraging the ability to
mount an XFS filesystem containing a metadata inode with an invalid
extent map.


* Improved fix for 'Unlimited stack ASLR bypass on 64-bit systems'.

The original update for 'Unlimited stack ASLR bypass on 64-bit systems' did not
correctly handle randomising the stack, causing compatibility issues with some
existing user-mode programs. This update corrects the issue.


* NULL pointer dereference in Intel wireless driver.

A NULL pointer dereference can be triggered in the iwlwifi driver when
doing a channel switch.  This can lead to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


